Undefeatable Transformation for Virtual Machine I/O Operations

1. A non-transitory medium embodying a computer program, the computer program controlling input/output (I/O) operations of a user's computer, the user's computer being implemented as a virtual machine (VM) in a physical computer system, the physical computer system including at least one device, the computer program comprising: an interface software component interfacing with the VM and the physical computer system, the interface software component causing a central processing unit (CPU) of the physical computer system to perform the following operations: sensing a request for an I/O operation between the VM and the device; and performing a transformation of I/O data passing between the VM and the device, said transformation changing contents of the I/O data and being adjunct to complete servicing of the request, as issued, for the I/O operation; the transformation of the I/O data thereby being undefeatable by any user action via the VM.

2. The non-transitory medium of claim 1 , in which: the device is a display; the I/O data is VM display data output from the VM and intended for display; and the transformation is a replacement of at least a portion of the VM display data with display data stored external to the VM; wherein the computer program further causes the CPU to display the VM display data with the non-defeatable display data overlaid.

3. The non-transitory medium of claim 1 , wherein the interface software component further performs the following steps: filtering the I/O data with respect to at least one predetermined filtering condition; and performing the transformation of the I/O data only when the filtering condition is met.

4. The non-transitory medium of claim 3 , wherein the filtering condition is that the I/O data includes at least one restricted term.

5. The non-transitory medium of claim 3 , wherein the filtering condition is that the I/O data is from a restricted source.

6. The non-transitory medium of claim 3 , wherein: the I/O data includes image data; the step of filtering the I/O data comprises detecting the presence of a representation of a target image within the image data; and the transformation is substitution of a representation of a replacement image in place of the representation of the target image.

7. The non-transitory medium of claim 6 , wherein: the I/O data is in a non-character image format; the target image is a representation of a restricted character string; and the step of filtering the I/O data comprises applying character recognition to the I/O data.

8. The non-transitory medium of claim 3 , wherein the filtering condition is the presence in the I/O data of a copy protection indication.

9. The non-transitory medium of claim 1 , wherein the transformation comprises insertion into the I/O data of a source indication associated with the VM.

10. The non-transitory medium of claim 1 , wherein the transformation is time-varying.

11. The non-transitory medium of claim 1 , wherein the device is a network connection device.

12. The non-transitory medium of claim 11 , wherein the transformation is a bandwidth limiting of the I/O data being transferred between the VM and the network connection device.

13. The non-transitory medium of 11 , wherein: the requested I/O operation is a transfer of the I/O data between the VM and the network connection device; and the transformation is a time delay of the transfer.

14. The non-transitory medium of claim 11 , wherein: the requested I/O operation is a transfer of the I/O data from the VM to a first destination address via the network connection device; the transformation is a redirection of the I/O data to a second destination address different from the first.

15. The non-transitory medium of claim 1 , wherein: the device is a display; the display renders data stored in a display map; and the step of performing the transformation comprises altering a selected portion of the display map.

16. The non-transitory medium of claim 15 , wherein the altering of the selected portion of the display data comprises substituting non-defeatable display data for the selected portion.

17. The non-transitory medium of claim 15 , wherein the altering of the selected portion of the display data comprises changing all occurrences in the display map of a display color to a replacement color.

18. The tangible medium of claim 1 , wherein: the device is a data storage device; the requested I/O operation is a transfer of data between the VM and the storage device; and the transformation comprises changing at least a portion of the data during the transfer between the VM and the storage device.

19. The non-transitory medium of claim 18 , wherein the transformation comprises encrypting data written by the VM to the data storage device and decrypting data read from the data storage device by the VM.

20. The non-transitory medium of claim 18 , wherein the transformation of the I/O data comprises compressing data written by the VM to the data storage device and decompressing data read from the data storage device by the VM.

21. The non-transitory medium of claim 1 , wherein: the device is a network connection device; the requested I/O operation is a transfer of data between the VM and the network connection device; and the transformation comprises changing at least a portion of the I/O data during the transfer between the VM and the network connection device.

22. The non-transitory medium of claim 21 , wherein the transformation of the I/O data comprises encrypting data written by the VM to the network connection device and decrypting data read from the network connection device by the VM.

23. The non-transitory medium of claim 21 , wherein the transformation of the I/O data comprises compressing data written by the VM to the network connection device and decompressing data read from the network connection device by the VM.

24. The non-transitory medium of claim 1 , wherein the transformation of the I/O data comprises cryptographic transformation of the I/O data.

25. The non-transitory medium of claim 1 , wherein: the VM supports a plurality of I/O modes; the interface software component further performs a step of filtering the I/O data with respect to at least one predetermined filtering condition, the interface software component performing the transformation of the I/O data only when the filtering condition is met; the step of filtering is performed on I/O data corresponding to a first one of the plurality of I/O modes; and the predetermined transformation is applied to I/O data in a second one of the I/O modes when the I/O data in the first I/O mode satisfies a transformation-triggering criterion.

26. The non-transitory medium of claim 25 , wherein the I/O modes include a video mode and an audio mode.

27. A non-transitory medium embodying a computer program, the computer program controlling input/output (I/O) of a user's computer, the user's computer being implemented as a virtual machine (VM) in a physical computer system, the physical computer system including at least one device that carries out an I/O operation on the basis of device control data, the computer program causing a central processing unit (CPU) of a physical computer system to perform the following steps: loading an interface software component that interfaces with the VM and the physical computer system; storing the device control data associated with the VM in a buffer; and upon sensing a transformation command from an administrative system external to the VM, causing the interface software component to change contents of the device control data by entering replacement data into at least a portion of the buffer, said replacement data being entered as a processing step that is adjunct to completion of the I/O operation, the entry of the replacement data thereby being undefeatable by any action initiated via the VM.

28. The non-transitory medium of claim 27 , in which the device is a display and the device control data is VM display data.

29. The non-transitory medium of claim 28 , further comprising: the buffer is a display buffer for storing the VM display data that is output from the VM and is intended for display; and the replacement data comprises arbitrary data written to the display buffer; in which the display is provided for displaying the contents of the display buffer.

30. The non-transitory medium of claim 27 , wherein: the device is a data storage device; the I/O operation is a transfer of data between the VM and the storage device; and the replacement data comprises a cryptographic transformation of data written by the VM to the data storage device and of data read from the data storage device by the VM.

31. The non-transitory medium of claim 27 , wherein: the device is a data storage device; the I/O operation is a transfer of data between the VM and the storage device; and the replacement data comprises a compression of data written by the VM to the data storage device and an expansion of data read from the data storage device by the VM.

32. The non-transitory medium of claim 27 , in which the device is a network connection device; the I/O operation is a transfer of data between the VM and the network connection device; and the replacement data comprises a cryptographic transformation of data written by the VM to the network connection device and of data read from the data storage device by the VM.